summaryrefslogtreecommitdiff
path: root/man
AgeCommit message (Collapse)Author
2016-12-11basic/extract-word,man: clarify "correction" of invalid escapesZbigniew Jędrzejewski-Szmek
Our warning message was misleading, because we wouldn't "correct" anything, we'd just ignore unkown escapes. Update the message. Also, print just the extracted word (which contains the offending sequences) in the message, instead of the whole line. Fixes #4697.
2016-12-10Merge pull request #4835 from poettering/unit-name-printfZbigniew Jędrzejewski-Szmek
Various specifier resolution fixes.
2016-12-10Merge pull request #4795 from poettering/dissectZbigniew Jędrzejewski-Szmek
Generalize image dissection logic of nspawn, and make it useful for other tools.
2016-12-08Merge pull request #4686 from poettering/machine-id-app-specificZbigniew Jędrzejewski-Szmek
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
2016-12-07Merge pull request #4843 from joukewitteveen/protocolLennart Poettering
Go through stop_post on failure (#4770)
2016-12-07network: support negation in matching patterns (#4809)David Michael
2016-12-07core: deprecate %c, %r, %R specifiersLennart Poettering
%c and %r rely on settings made in the unit files themselves and hence resolve to different values depending on whether they are used before or after Slice=. Let's simply deprecate them and drop them from the documentation, as that's not really possible to fix. Moreover they are actually redundant, as the same information may always be queried from /proc/self/cgroup and /proc/1/cgroup. (Accurately speaking, %R is actually not broken like this as it is constant. However, let's remove all cgroup-related specifiers at once, as it is also redundant, and doesn't really make much sense alone.)
2016-12-07man: drop reference to %U being uselessLennart Poettering
This paragraph was a missed left-over from 79413b673b45adc98dfeaec882bbdda2343cb2f9. Drop it now.
2016-12-07man: update the nspawn man page, and document what kind of dissection ↵Lennart Poettering
features we now support
2016-12-06man: fix $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS documentationJouke Witteveen
Note that any exit code is available through $EXIT_STATUS and not through $EXIT_CODE. This mimics siginfo.
2016-12-05man: Document return value of event source prepare callback (#4834)Martin Ejdestig
2016-12-02treewide: fix typos (#4802)Torstein Husebø
2016-12-02Merge pull request #4228 from dm0-/coreos-1554Zbigniew Jędrzejewski-Szmek
networkd: support marking links unmanaged
2016-12-02networkd: VXLAN add better explanation for ARPProxy (#4781)Susant Sahani
This closes #4768
2016-12-01networkd: support marking links unmanagedDavid Michael
2016-12-01nspawn: optionally, automatically allocated --bind=/--overlay source from ↵Lennart Poettering
/var/tmp This extends the --bind= and --overlay= syntax so that an empty string as source/upper directory is taken as request to automatically allocate a temporary directory below /var/tmp, whose lifetime is bound to the nspawn runtime. In combination with the "+" path extension this permits a switch "--overlay=+/var::/var" in order to use the container's shipped /var, combine it with a writable temporary directory and mount it to the runtime /var of the container.
2016-12-01nspawn: permit prefixing of source paths in --bind= and --overlay= with "+"Lennart Poettering
If a source path is prefixed with "+" it is taken relative to the container's root directory instead of the host. This permits easily establishing bind and overlay mounts based on data from the container rather than the host. This also reworks custom_mounts_prepare(), and turns it into two functions: one custom_mount_check_all() that remains in nspawn.c but purely verifies the validity of the custom mounts configured. And one called custom_mount_prepare_all() that actually does the preparation step, sorts the custom mounts, resolves relative paths, and allocates temporary directories as necessary.
2016-12-01nspawn: add ability to configure overlay mounts to .nspawn filesLennart Poettering
Fixes: #4634
2016-11-30Merge pull request #4745 from joukewitteveen/notifyEvgeny Vereshchagin
Improvements for notify services (including #4212)
2016-11-29service: new NotifyAccess= value for control processes (#4212)Jouke Witteveen
Setting NotifyAccess=exec allows notifications coming directly from any control process.
2016-11-29bus-util: add protocol error type explanationJouke Witteveen
2016-11-29sd-id128: add new sd_id128_get_machine_app_specific() APILennart Poettering
This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-29units: add system-update-cleanup.service to guard against offline-update loopsZbigniew Jędrzejewski-Szmek
Note: the name is "system-update-cleanup.service" rather than "system-update-done.service", because it should not run normally, and also because there's already "systemd-update-done.service", and having them named so similarly would be confusing. In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly entered system-update.target on boot. Because of a packaging issue, the tool that created the /system-update symlink could be installed without the service unit that was supposed to perform the upgrade (and remove the symlink). In fact, if there are no units in system-update.target, and /system-update symlink is created, systemd always "hangs" in system-update.target. This is confusing for users, because there's no feedback what is happening, and fixing this requires starting an emergency shell somehow, and also knowing that the symlink must be removed. We should be more resilient in this case, and remove the symlink automatically ourselves, if there are no upgrade service to handle it. This adds a service which is started after system-update.target is reached and the symlink still exists. It nukes the symlink and reboots the machine. It should subsequently boot into the default default.target. This is a more general fix for https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was already fixed).
2016-11-29man: update the description of offline updatesZbigniew Jędrzejewski-Szmek
- use "service" instead of "script", because various offline updaters that we have aren't really scripts, e.g. dnf-plugin-system-upgrade, packagekit-offline-update, fwupd-offline-update. - strongly recommend After=sysinit.target, Wants=sysinit.target - clarify a bit what should happen when multiple update services are started - replace links to the wiki with refs to the man page that replaced it.
2016-11-28socket-proxyd: Introduced dynamic connection limit via an option. (#4749)(GalaxyMaster)
2016-11-24calendarspec: make specifications with ranges reversibleDouglas Christman
"*-*-01..03" is now formatted as "*-*-01..03" instead of "*-*-01,02,03"
2016-11-23man: document protocol error type for service failures (#4724)Jouke Witteveen
2016-11-23calendarspec: add support for scheduling timers at the end of the monthDouglas Christman
"*-*~1" => The last day of every month "*-02~3..5" => The third, fourth, and fifth last days in February "Mon 05~07/1" => The last Monday in May Resolves #3861
2016-11-22Merge pull request #4692 from poettering/networkd-dhcpZbigniew Jędrzejewski-Szmek
Various networkd/DHCP fixes.
2016-11-22Document an edge-case with resume and mounting (#4581)Janne Heß
When trying to read keyfiles from an encrypted partition to unlock the swap, a cyclic dependency is generated because systemd can not mount the filesystem before it has checked if there is a swap to resume from. Closes #3940
2016-11-22nspawn: add fallback top normal copy/reflink when we cannot btrfs snapshotLennart Poettering
Given that other file systems (notably: xfs) support reflinks these days, let's extend the file system snapshotting logic to fall back to plan copies or reflinks when full btrfs subvolume snapshots are not available. This essentially makes "systemd-nspawn --ephemeral" and "systemd-nspawn --template=" available on non-btrfs subvolumes. Of course, both operations will still be slower on non-btrfs than on btrfs (simply because reflinking each file individually in a directory tree is still slower than doing this in one step for a whole subvolume), but it's probably good enough for many cases, and we should provide the users with the tools, they have to figure out what's good for them. Note that "machinectl clone" already had a fallback like this in place, this patch generalizes this, and adds similar support to our other cases.
2016-11-22nspawn: support ephemeral boots from imagesLennart Poettering
Previously --ephemeral was only supported with container trees in btrfs subvolumes (i.e. in combination with --directory=). This adds support for --ephemeral in conjunction with disk images (i.e. --image=) too. As side effect this fixes that --ephemeral was accepted but ignored when using -M on a container that turned out to be an image. Fixes: #4664
2016-11-21seccomp: add @filesystem syscall group (#4537)Lennart Poettering
@filesystem groups various file system operations, such as opening files and directories for read/write and stat()ing them, plus renaming, deleting, symlinking, hardlinking.
2016-11-21man: make /etc/nsswitch.conf documentation for nss-resolve match exampleLennart Poettering
Fixes: #4683
2016-11-18Merge pull request #4538 from fbuihuu/confirm-spawn-fixesLennart Poettering
Confirm spawn fixes/enhancements
2016-11-17core: allow to redirect confirmation messages to a different consoleFranck Bui
It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-17namespace: simplify, optimize and extend handling of mounts for namespaceLennart Poettering
This changes a couple of things in the namespace handling: It merges the BindMount and TargetMount structures. They are mostly the same, hence let's just use the same structue, and rely on C's implicit zero initialization of partially initialized structures for the unneeded fields. This reworks memory management of each entry a bit. It now contains one "const" and one "malloc" path. We use the former whenever we can, but use the latter when we have to, which is the case when we have to chase symlinks or prefix a root directory. This means in the common case we don't actually need to allocate any dynamic memory. To make this easy to use we add an accessor function bind_mount_path() which retrieves the right path string from a BindMount structure. While we are at it, also permit "+" as prefix for dirs configured with ReadOnlyPaths= and friends: if specified the root directory of the unit is implicited prefixed. This also drops set_bind_mount() and uses C99 structure initialization instead, which I think is more readable and clarifies what is being done. This drops append_protect_kernel_tunables() and append_protect_kernel_modules() as append_static_mounts() is now simple enough to be called directly. Prefixing with the root dir is now done in an explicit step in prefix_where_needed(). It will prepend the root directory on each entry that doesn't have it prefixed yet. The latter is determined depending on an extra bit in the BindMount structure.
2016-11-16systemctl: show waiting jobs when "systemctl list-jobs --after/--before" is ↵Lennart Poettering
called Let's expose the new bus functions we added in the previous commit in systemctl.
2016-11-15doc: move ProtectKernelModules= documentation near ProtectKernelTunalbes=Djalal Harouni
2016-11-15doc: note when no new privileges is impliedDjalal Harouni
2016-11-11man: add Itanium root GUID to table (#4656)Lucas Werkmeister
This GUID was added in #2263, but the manpage was not updated.
2016-11-11fstab-generator: add x-systemd.mount-timeout (#4603)Christian Hesse
This adds a new systemd fstab option x-systemd.mount-timeout. The option adds a timeout value that specifies how long systemd waits for the mount command to finish. It allows to mount huge btrfs volumes without issues. This is equivalent to adding option TimeoutSec= to [Mount] section in a mount unit file. fixes #4055
2016-11-11man: update machine-id(5) with a note about privacy (#4645)Zbigniew Jędrzejewski-Szmek
2016-11-10networkd: support setting dhcp client listen port (#4631)Susant Sahani
Allow setting custom port for the DHCP client to listen on in networkd. [DHCP] ListenPort=6677
2016-11-10man: mention start rate limiting in Restart= doc (#4637)Lucas Werkmeister
2016-11-10Link: port to new ethtool ETHTOOL_xLINKSETTINGSSusant Sahani
Link: port to new ethtool ETHTOOL_xLINKSETTINGS This patch defines a new ETHTOOL_GLINKSETTINGS/SLINKSETTINGS API, handled by the new get_link_ksettings/set_link_ksettings . This is a WIP version based on this [kernel patch](https://patchwork.kernel.org/patch/8411401/). commit 0527f1c http://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cfommit 35afb33
2016-11-09man/sd_watchdog_enabled: correct minor typos (#4632)Jonathan Boulle
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
core: add new RestrictNamespaces= unit file setting Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.
2016-11-08man: fix typo (#4615)Yu Watanabe
2016-11-08man: add an example how to unconditionally empty a directory (#4570)Zbigniew Jędrzejewski-Szmek
It was logical, but not entirely obvious, that 'e' with no arguments does nothing. Expand the explanation a bit and add an example. Fixes #4564.